From: Tom Hughes <tom@compton.nu>
Date: Fri, 29 Aug 2014 14:32:30 +0000 (+0100)
Subject: Add custom DH parameters our main certificate
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/7b812075e1b4587296cae9be98f909b7e8b42a45

Add custom DH parameters our main certificate

Java before version 7 can't cope with DH parameters longer
than 1024 bits but Apache 2.4 bases the DH parameter length
on the certificate key length, which is 2048 bits.

http://httpd.apache.org/docs/current/ssl/ssl_faq.html#javadh
---

diff --git a/cookbooks/ssl/files/default/openstreetmap.pem b/cookbooks/ssl/files/default/openstreetmap.pem
index bc808b921..2c0b54c84 100644
--- a/cookbooks/ssl/files/default/openstreetmap.pem
+++ b/cookbooks/ssl/files/default/openstreetmap.pem
@@ -29,3 +29,8 @@ Lpir8zhjNoVThPq4ELcbv+pH7N/nKITDmmlvoWSwQIis2DCTM5KVOiDWE2eAizXQ
 Oi0FZvAScRs1kwCm+9p3Z/pYNJomRE21Wco1tqUMoQsIasBDzKmILNMGXWO8wDuG
 l3L09Dqq6lo/przbhmSSb4Xbktf2IOqHSvYHOus1p3c0+N1lIipTyi2hqe/loA==
 -----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBALyRheYOdJoRfRRYJSSl++1QZxQ4nSdnoVZkb3kdSBweh+XfiiLApDO5
+G+cfiNcwrKiYZBCqQDlPlBBNuY+Xn2acrH9m4g60UJxz6ONezoy2uwEHGyNCF3qf
+Q0uh8zidmjTOHlZ1phKx42W2jpcdnp8rR/F9/m2FkxgY2I4DaYSfAgEF
+-----END DH PARAMETERS-----